The Committee of Sponsoring Organizations of the Treadway Commission (COSO) released its highly anticipated ERM Framework: Enterprise Risk Management–Integrating with Strategy and Performance. This new document builds on its predecessor, Enterprise Risk Management–Integrated Framework, one of the most widely recognized and applied risk management frameworks in the world. The updated edition is designed to help organizations create, preserve, and realize value while improving their approach to managing risk. Read news release.
In keeping with its overall mission, the COSO Board commissioned and published in 2004 the Enterprise Risk Management—Integrated Framework. Over the past decade, that publication has gained broad acceptance by organizations in their efforts to manage risk. However, also through that period, the complexity of risk has changed, new risks have emerged, and both boards and executives have enhanced their awareness and oversight of enterprise risk management while asking for improved risk reporting.
Enterprise Risk Management
Integrating with Strategy and Performance
This update to the 2004 publication addresses the evolution of enterprise risk management and the need for organizations to improve their approach to managing risk to meet the demands of an evolving business environment. The updated document, titled Enterprise Risk Management—Integrating with Strategy and Performance, highlights the importance of considering risk in both the strategy-setting process and in driving performance. Read executive summary. Quote:
The Changing Risk Landscape
Our understanding of the nature of risk, the art and science of choice, lies at the core of our modern economy. Every choice we make in the pursuit of objectives has its risks. From day-to- day operational decisions to the fundamental trade-offs in the boardroom, dealing with risk in these choices is a part of decision-making.
As we seek to optimize a range of possible outcomes, decisions are rarely binary, with a right and wrong answer. That’s why enterprise risk management may be called both an art and a science. And when risk is considered in the formulation of an organization’s strategy and business objectives, enterprise risk management helps to optimize outcomes.
Our understanding of risk and our practice of enterprise risk management have improved greatly over the past few decades. But the margin for error is shrinking. The World Economic Forum has commented on the “increasing volatility, complexity and ambiguity of the world.” That’s a phenomenon we all recognize. Organizations encounter challenges that impact reliability, relevancy, and trust. Stakeholders are more engaged today, seeking greater transparency and accountability for managing the impact of risk while also critically evaluating leadership’s ability to crystalize opportunities. Even success can bring with it additional downside risk—the risk of not being able to ful ll unexpectedly high demand, or maintain expected business momentum, for example.
Organizations need to be more adaptive to change. They need to think strategically about how to manage the increasing volatility, complexity, and ambiguity of the world, particularly at the senior levels in the organization and in the boardroom where the stakes are highest.
Enterprise Risk Management—Integrating with Strategy and Performance provides a Framework for boards and management in entities of all sizes. It builds on the current level of risk management that exists in the normal course of business. Further, it demonstrates how integrating enterprise risk management practices throughout an entity helps to accelerate growth and enhance performance. It also contains principles that can be applied—from strategic decision-making through to performance.
Below, we describe why it makes sense for management and boards to use the enterprise risk management framework, what organizations have achieved by applying enterprise risk management, and what further bene ts they can realize through its continued use. We conclude with a look into the future.